CVE-2009-0668
CRITICAL 9.8 | EPSS 0.64% | zodb - several
Published: 2022/5/2 | Modified: 2026/3/9
Description
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
Affected packages (6)
- Debian/zodb: from 0, < 1:3.8.2-1
- Debian/zodb: from 0, < 1:3.6.0-2+lenny3
- Debian/zope2.10: from 0, < 2.10.6-1+lenny1
- Debian/zope2.9: from 0, < 2.9.6-4etch2
- PyPI/zodb3: from 0, < 3.8.2
- PyPI/zodb3: from 0, < 3.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Reference links (14)
- ADVISORY: http://secunia.com/advisories/36204
- ADVISORY: http://secunia.com/advisories/36205
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2009-0668
- ADVISORY: http://www.vupen.com/english/advisories/2009/2217
- PATCH: https://github.com/zopefoundation/ZODB3
- WEB: http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- WEB: http://osvdb.org/56827
- WEB: http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-8.yaml
- WEB: https://web.archive.org/web/20151023102330/http://secunia.com/advisories/36204
- WEB: https://web.archive.org/web/20151023102336/http://secunia.com/advisories/36205
- WEB: https://web.archive.org/web/20200229152709/http://www.securityfocus.com/bid/35987
- WEB: http://www.securityfocus.com/bid/35987